FortiSandbox
FortiSandbox provides a solution to protect against advanced threats and ransomware for companies who don’t want to implement and maintain a sandbox environment on their own.
cysaw
Staff & Editor
Article Id 413922
Description

This article describes how to configure the FortiSandbox to form an HA cluster.

Scope

FortiSandbox.
Solution
  1. Below are the FortiSandbox HA-Cluster pre-requisites:
  • Primary and secondary units
    1. Same model and configuration.
    2. Same firmware version.

 

  • Worker unit. 
    1. Different model.
    2. A different set of Windows VMs from the primary or secondary units.
    3. Same firmware version.

 

  • HA-Cluster requires port1 on all nodes to be accessible. Nodes use that port to communicate with each other.

 

  • Each node should have a dedicated network port for internal cluster communication.

 

  • The system time must be synchronized on all nodes in the HA cluster.
    1. Prevents out-of-sync job results, logs, and statistics.
    2. Prevents the secondary device from becoming the primary device during reboot.

 

  • Port1 and any other ports set through 'set admin-port' are not recommended for use as an internal communication port.

  1. Configure the HA settings on the Primary FortiSandbox by running the CLI commands below on the Primary FortiSandbox unit.

    > hc-settings -sc -tM -n<Primary FortiSandbox name> -c<HA-Cluster Name> -p<password for the HA> -i<HA communication interface>

    > hc-settings -si -i<external interface for the cluster> -a<external IPs for this cluster>

 

  1. Review the HA settings on the Primary FortiSandbox.

 

  1. Configure the Secondary FortiSandbox by running the CLI command below.

    > hc-settings -sc -tP -n<name of Secondary FortiSandbox> -c<HA-Cluster Name> -p<password for the HA> -i<HA communication interface>

 

  1. Review the HA settings on the Secondary FortiSandbox.

 

  1. Add the Secondary to the FortiSandbox HA cluster by running the CLI command below on the Secondary FortiSandbox.

    > hc-worker -a -s<IP address of Primary’s HA internal communication interface> -p<password for the HA>

 

  1. Review the HA status.

 


 

  1. Configure the Worker FortiSandbox by running the CLI commands below:

    > hc-settings -sc -tR -c<cluster name> -p<HA password> -n<FortiSandbox worker name> -i<HA communication interface>
    > hc-worker -a -s<IP address of Primary’s HA internal communication interface> -p<HA password>
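
The prerequisites and per-role commands above can be checked before touching any unit. The following is an added example, not part of the original article or of Fortinet tooling: it validates a planned node inventory against the listed prerequisites and renders the article's CLI lines per role. The node names, model labels, IP address, field names and the 1-second clock tolerance are assumptions made for the example, and the password is left as a placeholder.

```python
# Added example: pre-flight check for a planned FortiSandbox HA cluster.
# Field names and sample values are constructed for illustration.
from dataclasses import dataclass

ROLE_FLAG = {"primary": "-tM", "secondary": "-tP", "worker": "-tR"}  # flags from the article

@dataclass
class Node:
    name: str
    role: str               # primary | secondary | worker
    model: str
    firmware: str
    ha_iface: str           # dedicated internal cluster port
    admin_ports: tuple      # ports set through 'set admin-port'
    clock_offset_s: float   # offset from the reference time source

def preflight(nodes, max_skew_s=1.0):  # max_skew_s is an assumed tolerance
    """Return a list of prerequisite violations (empty list means OK)."""
    issues = []
    if len({n.firmware for n in nodes}) > 1:
        issues.append("firmware versions differ across nodes")
    pair = [n for n in nodes if n.role in ("primary", "secondary")]
    if len({n.model for n in pair}) > 1:
        issues.append("primary and secondary are different models")
    for n in nodes:
        if n.ha_iface == "port1" or n.ha_iface in n.admin_ports:
            issues.append(f"{n.name}: {n.ha_iface} is port1 or an admin-port")
    offsets = [n.clock_offset_s for n in nodes]
    if max(offsets) - min(offsets) > max_skew_s:
        issues.append("system time is not synchronized across nodes")
    return issues

def commands(node, cluster, primary_ha_ip, password="<password for the HA>"):
    """Render the article's CLI lines for one node; password stays a placeholder."""
    cmds = [f"hc-settings -sc {ROLE_FLAG[node.role]} -n{node.name} "
            f"-c{cluster} -p{password} -i{node.ha_iface}"]
    if node.role != "primary":  # secondary and worker join via the primary
        cmds.append(f"hc-worker -a -s{primary_ha_ip} -p{password}")
    return cmds

NODES = [  # constructed sample inventory; the worker entry is deliberately wrong
    Node("fsa-pri", "primary", "FSA-A", "x.y.z", "port2", ("port1",), 0.02),
    Node("fsa-sec", "secondary", "FSA-A", "x.y.z", "port2", ("port1",), 0.05),
    Node("fsa-wrk", "worker", "FSA-B", "x.y.z", "port1", ("port1",), 4.10),
]

if __name__ == "__main__":
    for issue in preflight(NODES):
        print("FAIL:", issue)
    for n in NODES:
        print("\n".join(commands(n, "cluster1", "192.0.2.10")))
```

The primary's `hc-settings -si` line for the external cluster interface is not rendered here and still has to be entered as shown in the procedure.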